<!DOCTYPE html>
<html lang="en-us">
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
    
<meta charset="UTF-8">
<title>Security overview | Elasticsearch Guide [7.7] | Elastic</title>
<link rel="home" href="index.html" title="Elasticsearch Guide [7.7]">
<link rel="up" href="secure-cluster.html" title="Secure a cluster">
<link rel="prev" href="secure-cluster.html" title="Secure a cluster">
<link rel="next" href="configuring-security.html" title="Configuring security in Elasticsearch">
<meta name="DC.type" content="Learn/Docs/Elasticsearch/Reference/7.7">
<meta name="DC.subject" content="Elasticsearch">
<meta name="DC.identifier" content="7.7">
<meta name="robots" content="noindex,nofollow">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script src="https://cdn.optimizely.com/js/18132920325.js"></script>
    <link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png">
    <link rel="apple-touch-icon" sizes="60x60" href="/apple-icon-60x60.png">
    <link rel="apple-touch-icon" sizes="72x72" href="/apple-icon-72x72.png">
    <link rel="apple-touch-icon" sizes="76x76" href="/apple-icon-76x76.png">
    <link rel="apple-touch-icon" sizes="114x114" href="/apple-icon-114x114.png">
    <link rel="apple-touch-icon" sizes="120x120" href="/apple-icon-120x120.png">
    <link rel="apple-touch-icon" sizes="144x144" href="/apple-icon-144x144.png">
    <link rel="apple-touch-icon" sizes="152x152" href="/apple-icon-152x152.png">
    <link rel="apple-touch-icon" sizes="180x180" href="/apple-icon-180x180.png">
    <link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32">
    <link rel="icon" type="image/png" href="/android-chrome-192x192.png" sizes="192x192">
    <link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96">
    <link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16">
    <link rel="manifest" href="/manifest.json">
    <meta name="apple-mobile-web-app-title" content="Elastic">
    <meta name="application-name" content="Elastic">
    <meta name="msapplication-TileColor" content="#ffffff">
    <meta name="msapplication-TileImage" content="/mstile-144x144.png">
    <meta name="theme-color" content="#ffffff">
    <meta name="naver-site-verification" content="936882c1853b701b3cef3721758d80535413dbfd">
    <meta name="yandex-verification" content="d8a47e95d0972434">
    <meta name="localized" content="true">
    <meta name="st:robots" content="follow,index">
    <meta property="og:image" content="https://www.elastic.co/static/images/elastic-logo-200.png">
    <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
    <link rel="icon" href="/favicon.ico" type="image/x-icon">
    <link rel="apple-touch-icon-precomposed" sizes="64x64" href="/favicon_64x64_16bit.png">
    <link rel="apple-touch-icon-precomposed" sizes="32x32" href="/favicon_32x32.png">
    <link rel="apple-touch-icon-precomposed" sizes="16x16" href="/favicon_16x16.png">
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
    <link rel="stylesheet" type="text/css" href="/guide/static/styles.css">
  </head>

  <!--© 2015-2021 Elasticsearch B.V. Copying, publishing and/or distributing without written permission is strictly prohibited.-->

  <body>
    <!-- Google Tag Manager -->
    <script>dataLayer = [];</script><noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-58RLH5" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
    <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= '//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-58RLH5');</script>
    <!-- End Google Tag Manager -->

    <!-- Global site tag (gtag.js) - Google Analytics -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-12395217-16"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());
      gtag('config', 'UA-12395217-16');
    </script>

    <!--BEGIN QUALTRICS WEBSITE FEEDBACK SNIPPET-->
    <script type="text/javascript">
      (function(){var g=function(e,h,f,g){
      this.get=function(a){for(var a=a+"=",c=document.cookie.split(";"),b=0,e=c.length;b<e;b++){for(var d=c[b];" "==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};
      this.set=function(a,c){var b="",b=new Date;b.setTime(b.getTime()+6048E5);b="; expires="+b.toGMTString();document.cookie=a+"="+c+b+"; path=/; "};
      this.check=function(){var a=this.get(f);if(a)a=a.split(":");else if(100!=e)"v"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(":"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case "v":return!1;case "r":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(":")),!c}return!0};
      this.go=function(){if(this.check()){var a=document.createElement("script");a.type="text/javascript";a.src=g;document.body&&document.body.appendChild(a)}};
      this.start=function(){var a=this;window.addEventListener?window.addEventListener("load",function(){a.go()},!1):window.attachEvent&&window.attachEvent("onload",function(){a.go()})}};
      try{(new g(100,"r","QSI_S_ZN_emkP0oSe9Qrn7kF","https://znemkp0ose9qrn7kf-elastic.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_emkP0oSe9Qrn7kF")).start()}catch(i){}})();
    </script><div id="ZN_emkP0oSe9Qrn7kF"><!--DO NOT REMOVE-CONTENTS PLACED HERE--></div>
    <!--END WEBSITE FEEDBACK SNIPPET-->

    <div id="elastic-nav" style="display:none;"></div>
    <script src="https://www.elastic.co/elastic-nav.js"></script>

    <!-- Subnav -->
    <div>
      <div>
        <div class="tertiary-nav d-none d-md-block">
          <div class="container">
            <div class="p-t-b-15 d-flex justify-content-between nav-container">
              <div class="breadcrum-wrapper"><span><a href="/guide/" style="font-size: 14px; font-weight: 600; color: #000;">Docs</a></span></div>
            </div>
          </div>
        </div>
      </div>
    </div>

    <div class="main-container">
      <section id="content">
        <div class="content-wrapper">

          <section id="guide" lang="en">
            <div class="container">
              <div class="row">
                <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                  <!-- start body -->
                  <div class="page_header">
<strong>IMPORTANT</strong>: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
<a href="../current/index.html">current release documentation</a>.
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-node">Security overview</span>
</div>
<div class="navheader">
<span class="prev">
<a href="secure-cluster.html">« Secure a cluster</a>
</span>
<span class="next">
<a href="configuring-security.html">Configuring security in Elasticsearch »</a>
</span>
</div>
<div class="chapter xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="elasticsearch-security"></a>Security overview<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/overview.asciidoc">edit</a><a class="xpack_tag" href="/subscriptions"></a>
</h2>
</div></div></div>

<p>An Elasticsearch cluster is typically made out of many moving parts. There are the Elasticsearch
nodes that form the cluster and often Logstash instances, Kibana instances, Beats
agents, and clients all communicating with the cluster. It should not come as a
surprise that securing such clusters has many facets and layers.</p>
<p>Security protects Elasticsearch clusters by:</p>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
<a class="xref" href="elasticsearch-security.html#preventing-unauthorized-access" title="Preventing unauthorized access">Preventing unauthorized access</a>
with password protection, role-based access control, and IP filtering.
</li>
<li class="listitem">
<a class="xref" href="elasticsearch-security.html#preserving-data-integrity" title="Preserving data integrity">Preserving the integrity of your data</a>
with SSL/TLS encryption.
</li>
<li class="listitem">
<a class="xref" href="elasticsearch-security.html#maintaining-audit-trail" title="Maintaining an audit trail">Maintaining an audit trail</a>
so you know who’s doing what to your cluster and the data it stores.
</li>
</ul>
</div>
<h3>
<a id="preventing-unauthorized-access"></a>Preventing unauthorized access<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/overview.asciidoc">edit</a>
</h3>
<p>To prevent unauthorized access to your Elasticsearch cluster, you must have a
way to <em>authenticate</em> users. This simply means that you need a way to validate
that a user is who they claim to be. For example, you have to make sure only
the person named <em>Kelsey Andorra</em> can sign in as the user <code class="literal">kandorra</code>. The
Elasticsearch security features provide a standalone authentication mechanism that enables
you to quickly password-protect your cluster. If you’re already using LDAP,
Active Directory, or PKI to manage users in your organization, the
security features are able to integrate with those systems to perform user
authentication.</p>
<p>In many cases, simply authenticating users isn’t enough. You also need a way to
control what data users have access to and what tasks they can perform. The
Elasticsearch security features enable you to <em>authorize</em> users by assigning access
<em>privileges</em> to <em>roles</em> and assigning those roles to users. For example, this
role-based access control mechanism (a.k.a RBAC) enables you to specify that the
user <code class="literal">kandorra</code> can only perform read operations on the <code class="literal">events</code> index and can’t
do anything at all with other indices.</p>
<p>See <a class="xref" href="setting-up-authentication.html" title="User authentication"><em>User authentication</em></a> and <a class="xref" href="authorization.html" title="User authorization"><em>User authorization</em></a>.</p>
<p>The security features also enable you to restrict the nodes and clients that
can connect to the cluster based on <a class="xref" href="ip-filtering.html" title="Restricting connections with IP filtering">IP filters</a>. You can
whitelist and blacklist specific IP addresses, subnets, or DNS domains to
control network-level access to a cluster.</p>
<h3>
<a id="preserving-data-integrity"></a>Preserving data integrity<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/overview.asciidoc">edit</a>
</h3>
<p>A critical part of security is keeping confidential data confidential.
Elasticsearch has built-in protections against accidental data loss and
corruption. However, there’s nothing to stop deliberate tampering or data
interception. The Elastic Stack security features preserve the integrity of your
data by encrypting communications to, from, and within the cluster. See
<a class="xref" href="encrypting-communications.html" title="Encrypting communications"><em>Encrypting communications</em></a>. For even	greater protection, you can increase the
<a class="xref" href="ciphers.html" title="Enabling cipher suites for stronger encryption">encryption strength</a>.</p>
<h3>
<a id="maintaining-audit-trail"></a>Maintaining an audit trail<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/overview.asciidoc">edit</a>
</h3>
<p>Keeping a system secure takes vigilance. By using Elastic Stack security features to
maintain an audit trail, you can easily see who is accessing your cluster and
what they’re doing. You can configure the audit level, which accounts for the
type of events that are logged. These events include failed authentication
attempts, user access denied, node connection denied, and more. By analyzing
access patterns and failed attempts to access your cluster, you can gain
insights into attempted attacks and data breaches. Keeping an auditable log of
the activity in your cluster can also help diagnose operational issues. For more
information, see <a class="xref" href="auditing.html" title="Audit logging">Audit logging</a>.</p>
</div>
<div class="navfooter">
<span class="prev">
<a href="secure-cluster.html">« Secure a cluster</a>
</span>
<span class="next">
<a href="configuring-security.html">Configuring security in Elasticsearch »</a>
</span>
</div>
</div>

                  <!-- end body -->
                </div>
                <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                  <div id="rtpcontainer" style="display: block;">
                    <div class="mktg-promo">
                      <h3>Most Popular</h3>
                      <ul class="icons">
                        <li class="icon-elasticsearch-white"><a href="https://www.elastic.co/webinars/getting-started-elasticsearch?baymax=default&amp;elektra=docs&amp;storm=top-video">Get Started with Elasticsearch: Video</a></li>
                        <li class="icon-kibana-white"><a href="https://www.elastic.co/webinars/getting-started-kibana?baymax=default&amp;elektra=docs&amp;storm=top-video">Intro to Kibana: Video</a></li>
                        <li class="icon-logstash-white"><a href="https://www.elastic.co/webinars/introduction-elk-stack?baymax=default&amp;elektra=docs&amp;storm=top-video">ELK for Logs &amp; Metrics: Video</a></li>
                      </ul>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </section>

        </div>


<div id="elastic-footer"></div>
<script src="https://www.elastic.co/elastic-footer.js"></script>
<!-- Footer Section end-->

      </section>
    </div>

<script src="/guide/static/jquery.js"></script>
<script type="text/javascript" src="/guide/static/docs.js"></script>
<script type="text/javascript">
  window.initial_state = {}</script>
  </body>
</html>
